Materialize-css vulnerable to Improper Neutralization of Input During Web Page Generation
- Severity:
- Medium
Description
In Materialize through 1.0.0, XSS is possible via the Toast feature.
Recommendation
Update the @materializecss/materialize package to the latest compatible version. Followings are version details:
- Affected version(s): < 1.1.0-alpha
- Patched version(s): 1.1.0-alpha
References
Related Issues
- Materialize-css vulnerable to Improper Neutralization of Input During Web Page Generation (GHSA-rg3q-jxmp-pvjj) - CVE-2019-11004
- Improper Neutralization of Input During Web Page Generation in Select2 - CVE-2016-10744
- Improper Neutralization of Input During Web Page Generation in swagger-ui - CVE-2016-1000229
- materialize-css vulnerable to cross-site Scripting (XSS) due to improper escape of user input - CVE-2022-25349
- Tags:
- npm
- @materializecss/materialize
Anything's wrong? Let us know Last updated on August 28, 2023